Remove alibi-detect and alibi-explain from MLServer base image due to license mismatch #2267

@Snomaan6846

Description

Currently, the MLServer base Docker image includes both alibi-detect and alibi-explain.
These two libraries are distributed under the Business Source License 1.1 (BSL 1.1), while MLServer itself is licensed under Apache 2.0.

This combination can be misleading to end users, since they may assume that the entire MLServer image is Apache 2.0 licensed and can be freely used in commercial environments. However, the inclusion of these libraries introduces potential licensing restrictions which could lead to accidental non-compliance.


Steps to Reproduce

  1. Pull the latest MLServer image.
  2. Inspect the installed libraries (pip show alibi and pip show alibi-detect).
  3. Notice that both alibi-detect and alibi-explain are bundled by default with BSL 1.1.

pip show alibi-detect
Name: alibi-detect
Version: 0.12.1.dev0
Summary: Algorithms for outlier detection, concept drift and metrics.
Home-page: https://github.com/SeldonIO/alibi-detect
Author: Seldon Technologies Ltd.
Author-email: [email protected]
License: Business Source License 1.1
Location: /opt/conda/lib/python3.10/site-packages
Requires: catalogue, dill, matplotlib, numba, numpy, opencv-python, pandas, Pillow, pydantic, requests, scikit-image, scikit-learn, scipy, toml, tqdm, transformers, typing-extensions

pip show alibi
Name: alibi
Version: 0.9.7.dev0
Summary: Algorithms for monitoring and explaining machine learning models
Home-page: https://github.com/SeldonIO/alibi
Author: Seldon Technologies Ltd.
Author-email: [email protected]
License: Business Source License 1.1
Location: /opt/conda/lib/python3.10/site-packages
Requires: attrs, blis, dill, matplotlib, numpy, pandas, Pillow, requests, scikit-image, scikit-learn, scipy, spacy, tqdm, transformers, typing-extensions
Required-by: mlserver-alibi-explain

Impact

  • Users may unintentionally deploy MLServer in commercial settings under the assumption of full Apache 2.0 licensing.
  • Legal and compliance risks due to mixing Apache 2.0 with BSL 1.1 dependencies.
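
Added example, not part of the original issue and not MLServer code: a license audit that generalizes the manual `pip show` check above to every distribution installed in an image. The allowlist tokens and the `example-lib` record are assumptions; the two alibi records are trimmed from the output quoted in the issue.

```python
"""Flag installed distributions whose declared license is not on an allowlist."""
import re
from email.parser import Parser
from importlib import metadata

# Assumption: license name tokens acceptable for this image (hypothetical allowlist).
ALLOWED = {"apache", "mit", "bsd", "isc", "psf"}


def declared_license(meta):
    """Collect license text from the metadata fields packages actually use."""
    parts = [meta.get("License-Expression"), meta.get("License")]
    parts += [c.split("::")[-1] for c in (meta.get_all("Classifier") or [])
              if c.startswith("License ::")]
    return "; ".join(p.strip() for p in parts if p and p.strip()) or "UNKNOWN"


def is_allowed(license_text):
    """Match whole words, so 'Limited' does not pass as 'MIT'; unknown fails closed."""
    return bool(ALLOWED & set(re.findall(r"[a-z]+", license_text.lower())))


def audit(metas):
    """Return sorted (name, version, license) for every non-allowlisted package."""
    flagged = []
    for meta in metas:
        lic = declared_license(meta)
        if not is_allowed(lic):
            flagged.append((meta.get("Name") or "?", meta.get("Version") or "?", lic))
    return sorted(flagged)


def audit_environment():
    """Audit the running interpreter, e.g. when executed inside the image."""
    return audit(d.metadata for d in metadata.distributions())


# First two records trimmed from the pip show output above; the third is constructed.
SAMPLE = [Parser().parsestr(text) for text in (
    "Name: alibi-detect\nVersion: 0.12.1.dev0\nLicense: Business Source License 1.1\n",
    "Name: alibi\nVersion: 0.9.7.dev0\nLicense: Business Source License 1.1\n",
    "Name: example-lib\nVersion: 1.0\n"
    "Classifier: License :: OSI Approved :: Apache Software License\n",
)]

if __name__ == "__main__":
    for name, version, lic in audit(SAMPLE):
        print(f"{name} {version}: {lic}")
```

Calling `audit_environment()` inside the container lists every package needing review; a package with no declared license is reported as `UNKNOWN` rather than passed.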
